In the past year, there have been numerous network printer vulnerabilities and new attempts to use them as a source of network attacks. Sadly, this is still a thing. Thousands of printers around the world are open and could be exploited. I wrote about this for the iBoss blog here.
As cybercriminals get better at compromising financial accounts and stealing funds, vendors are beefing up their defensive tools to prevent fraud and abuse. I had an opportunity while I was in Israel to visit Daniel Cohen (shown here) of RSA’s Anti-Fraud Command Center (AFCC), the nerve center of a division that is devoted to protecting consumers’ financial records and funds. The AFCC is an example of what a state-of-the-art web threat and fraud intelligence operation looks like. Here is my report for CSO Online.
Capture-the-flag (CTF) contests have been around for decades. One of the longest-running and more popular series began at the Vegas DEFCON show in 1996 and attracts thousands of participants. Running your own CTF contest can build security skills and help identify new internal and external talent. In this article for CSO Online, I compare CTFs with cyber ranges such as CyberGym (shown here) so you can learn what types of challenges you need to include for your own contest, how to make the contest run smoothly, and other logistics to consider.
Many years ago, the idea of making a more universal multi-factor authentication (MFA) token seemed like a good idea. Back then, hardware tokens were proliferating, and so were the number of logins for different web-based services. Out of that era, the Fast Identity Online (FIDO) Alliance was created in July 2012 and publicly announced in February 2013 to try to bring some standards to this arena. Since then, the FIDO standards have gone through several revisions and extensions, and more than 100 vendors have joined the non-profit association, including some of the largest names in the identity and authentication business.
While it has taken a while to gain traction, FIDO is now at an inflection point and has reached sufficient maturity that deploying it isn’t a matter of if, but when for most enterprises.
Hikers living off the land make use of existing nutrients and water sources to survive in the wilderness. In hacker parlance, the term “survive in the wilderness” means they cover their tracks and make use of tools and code that already exist on targeted endpoints. This hides their exploits by making them look like common administrative tasks so that detection tools can’t easily find them. Welcome to the world of PowerShell-based attacks.
PowerShell has become increasingly sophisticated and in an article I wrote for CSO Online, I show you how attackers can leverage this language for their own evil purposes.
Phishing and email spam are the biggest opportunities for hackers to enter the network. If a single user clicks on some malicious email attachment, it can compromise an entire enterprise with ransomware, cryptojacking scripts, data leakages, or privilege escalation exploits. The three email security protocols SPF, DKIM and DMARC have been invented to reduce these opportunities. Like much in the IT world, the multiple solutions don’t all necessarily overlap. In this story for CSO Online, I explain the trio and how to get them setup properly across your email infrastructure. Spoiler alert: it isn’t easy and it will take some time.
While the prices on cryptocurrencies have been all over the place in recent months, it is certainly attracting a different kind of attention from the criminal world that views them as malware opportunities. These attacks take numerous forms, including stealing funds from digital wallets, attacking currency exchanges, deploying hidden mining and initial coin offering (ICO) exploits.
The first major exploit was seen by the DAO joint Ethereum investment fund back in 2016, which suffered a DDoS attack and eventually had to shut down. While that grabbed major headlines, there have been other, less-publicized attacks on exchanges. I look at some of the more recent examples in my post for iBoss’ blog here.
One of the weak points in your enterprise may be something that you haven’t paid much attention to, your WordPress servers. When you think more critically about the issue, there are a lot of exposed attack surfaces: a Web server running PHP scripts and accessing a SQL database. Sadly, criminals have long recognized this target and have begun to focus more of their efforts on exploiting WordPress servers. Indeed, this story from last summer’s DefCon conference demonstrated how hackers were able to locate a fresh new WP site within 30 minutes of going online. In my latest post for the iBoss blog, I talk about ways to make them more secure, such as adding the WordFence plug-in shown here.
The hijacking legitimate but obscure Windows services is a tough exploit to detect. Here are two lesser known Windows services that could be vulnerable to malware attacks. You might think you can tell the difference between benign and malicious Windows services, but some of these services are pretty obscure. Do you know what ASLR and BITS are? Exactly.
You can read my latest article for HPE here.
This past year has seen its usual collection of exploits, vulnerabilities, attacks and data leaks. But let’s take a look back and see if we can learn a few lessons from the progress of time. Of all stories, it certainly seems like this year has been a watershed in terms of major ransomware attacks. From Locky, Petya, Mirai, WannaCry, and BadRabbit, we haven’t had much time in between each attack to bounce back, the attacks are getting bigger and more intrusive and more targeted.
For this and other megatrends, I offer up some suggestions for security managers too. Here are more in my iBoss blog post this week.